Is your Board equipped to handle a geopolitical crisis?
It’s not enough to evaluate the threats. Boards need a systematic plan to manage them.
In the early hours of Friday 13th June, the company’s CEO calls their Board: “War has broken out between Iran and Israel” they inform them, and asks: "What will this mean for our business? Is the conflict likely to escalate, and if so, is the company willing and able to deal with all potential scenarios?"
Corporate decision makers cannot rely on superficial and unreliable media reports which seldom consider the effects on business, let alone a particular company. Nor is it enough merely to identify external threats; the Board must understand how these threats intersect with the company’s own, often unique set of interests in key markets. What the CEO needs is a systematic, coherent and comprehensive evaluation of how events might unfold and affect the company, and then how to respond. It should be a Board priority.
It is all too easy to get caught out. Three years earlier, when Russian forces attacked Ukraine, few had predicted how this would impact businesses operating in Russia. Western governments quickly imposed crippling sanctions on the country. Outraged consumers in home markets demanded that their country’s multinationals withdraw from the Russian market altogether. The reputational and legal risk of ignoring such calls were likely to be huge. As a result, billions of dollars of investments, to say nothing of 30 years of meticulous brand building by some of the world’s largest companies, were suddenly and unexpectedly jettisoned.
It’s not enough to identify potential threats; one must understand how these might intersect with the company’s own, often unique, set of interests.
The impact cannot be overestimated. The day McDonald’s opened its first Russian outlet in Moscow’s Pushkin Square in 1990, as the Communist system was teetering, some 30,000 Russians queued for a Big Mac. The brand became an iconic symbol of post-communist transition. According to McDonald’s, the decision to exit was based upon five, mainly commercial questions. The fifth was most telling: Does the company’s continuing presence “align with our values?” The negative answer meant that for the first time in the company’s history McDonald’s exited a foreign market.
Few companies had imagined such a dramatic outcome. As former US Defence Secretary Donald Rumsfeld, who famously referred to the “known-knowns” and the “known unknowns” of risk management, understood that these so called “Black Swan” events are seem impossible to believe until they actually happen. But many geopolitical developments, though not always obvious, can be discerned early on.
US President Trump’s tariff war launched in full on April 2nd, for example, was clearly signalled during his election campaign (though perhaps not its extent). When US pharmaceutical companies based themselves in low-tax Ireland, it wasn’t potential changes in Ireland’s tax code that raised doubts about corporate strategy. Instead, it was White House pressure to re-shore operations. US firms that moved to Ireland and re-exported to the US account for a huge proportion of the US’s goods trade deficit with the EU, and found themselves in the crosshairs. Suddenly, the pharma giants were airlifting billions of dollars of drug ingredients from Ireland back to their US HQ to beat tariff deadlines, with some looking to build new facilities at home.
How and where threats arise
A Board’s first step must therefore be to list the key geopolitical events that could upend company operations. Companies, such as automakers, with complex global supply chains and multiple markets can be particularly vulnerable, as an adverse event anywhere in the world can ripple out almost uncontrollably. Nor may it be enough to prepare for just a single risk event. Even a well-prepared company can be overwhelmed when several risk events, say, political upheaval combining with a natural disaster, occur simultaneously. Similarly, one event can cause another in a chain reaction where the secondary or even tertiary impacts can be worse. For example, a terrorist attack may in itself be contained, but if the authorities decide to close roads, railways or ports as a result, operations can be badly hit.
Companies should also be particularly sensitive to their ‘single point of vulnerability.’ Recent fears that Iran might block the Strait of Hormuz – through which one-fifth of the world’s seaborne oil flows – may be deemed unlikely, but for importers that depend on that sea route, such risks should never be dismissed. The potential cost of a quite unlikely event was well illustrated when the Ever Given container ship became stuck in the Suez Canal in March 2021, halting sea traffic for an entire week. Even positive events can have negative consequences. After Covid restrictions were eased, unleashing pent up consumer demand, California’s ports struggled to cope with the increased volume of ships and trucks, driving up retail prices.
Moreover, not all companies are affected by the same event in the same way. Many businesses, especially in the hospitality sector, would have faced bankruptcy during Covid lockdowns had governments not decided to provide support. But companies whose staff could work from home thrived online. More recently, a major power outage in April in France, Spain and Portugal (which early reports suggested might have been sabotage) represented a mild inconvenience for many companies. Others, however, were less sanguine. Frozen food companies, hospitals and even some banks whose data could have been at risk, might have faced huge losses had the outages persisted.
Accidents happen. But sabotage, boycotts and even terrorism may be directed at a company simply because of its assumed nationality. Canadian holidaymakers and consumers, for example, have been boycotting US products after President Trump began questioning Canada’s sovereignty. Russian-connected firms have faced asset freezes as a result of the Ukraine conflict. And certain major retail US brands have been lightning rods for anti-US political protests.
As Risk managers often point out, the biggest threat is usually the one you never thought about.
But even the most far-sighted risk manager would have struggled to predict that Danish companies in Egypt would face the wrath of crowds protesting the ‘Mohamed cartoons’ published in a Danish magazine in 2004.
Predictable or not, Boards should try to think widely and unconventionally. As risk experts like to point out: ‘the biggest threat is usually the one you never thought of.’ Brainstorming worst-case scenarios, or buying market intelligence from reputable risk agencies can help. But perhaps the most effective, if often overlooked, method of detecting early warning signs is to activate a company’s internal channels of on-the-ground intelligence. Everyone from sales and marketing to legal and compliance can be taught to spot unusual changes in their markets. The Board then needs to ensure that there are robust communication channels in place so they receive that information in a timely manner. When all the data points and speculations are gathered, the entire Board should discuss how each risk might be ranked or rated in a consistent and comparable way.
Rising to the challenge
Inherent in the risk rating process is ascertaining how much risk a Board is willingness to tolerate. A finance house with centuries-long reputation for discreet, private-client banking might be far more risk averse than a Silicon Valley start-up that wants to scale fast. Companies with exposed brands, especially fast-moving consumer goods companies, will often head off bad publicity by engaging their fiercest political critics. Board members must truly understand their company’s cultural DNA.
How then can the Board prepare for a crisis? If disaster strikes but in a less important market, the most prudent reaction could be to do nothing and wait it out. A simple insurance policy covering any damage, a financial hedge, or an order to work from home might suffice. When a more robust response is in order, the Board will need a ready-made Plan B, that is regularly tested and updated and can be executed at speed. This raises many important questions. Who will take charge if, for example, a far-flung factory is cut off, or communications systems go down? Are there executives with relevant crisis-management experience elsewhere in the company who can fly to the rescue? Indeed, would their know-how even be relevant in a different market at a different time and for a different event. How strong is the company’s government relations? Can it rely on the authorities to help, and is public opinion sympathetic to brand?
Given the vast array of issues to cover, effective geopolitical risk management will almost certainly require some degree of teamwork at Board-level. Regardless of their formal responsibilities most Board members will have valuable perspectives, and many of them can play a material role, assessing dangers and embedding good practices throughout the organisation.
Six action points for the Board
- Cultivate a variety of intelligence sources, especially well-placed stakeholders.
- Identify the company’s ‘single point of vulnerability’ that must not be risked.
- Develop a coherent (if imperfect) risk rating system that is comparable across markets.
- Ensure that the Board is agreed on how much risk the company is comfortable living with, and that this expectation is explicit.
- Open up discussions about Risk to the whole Board, not just one or two key people.
- Give all Board members a role in identifying and preparing for potential risk events.
CONRAD WOODY
Partner and Head, U.S. Association & Corporate Affairs Practice
United States
www.odgers.com